CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
EPSS
Percentile
12.7%
Sebastian Krahmer reports:
Sebastian Krahmer of the SuSE security team discovered
that the System.CodeDom.Compiler classes used temporary
files in an insecure way. This could allow a symbolic link
attack to create or overwrite arbitrary files with the
privileges of the user invoking the program. Under some
circumstances, a local attacker could also exploit this to
inject arbitrary code into running Mono processes.